<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;

class CustomAuth
{
    //不需要验证的权限
    protected $exceptPow=[
        'admin/adinfo','admin/upimgs','admin/upimg'
    ];

    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        $token  = $request->header('X-Token')?$request->header('X-Token'):'';
        try{
            if(!$token){ //判断有无token返回，若无，则返回错误响应
                return response()->json([
                    'code'=>50000,
                    'message'=>'请先登录!'
                ]);
            }else{
                $data = decrypt($token);
                $time = time();
                if($data['expire']<$time){
                    return response()->json([
                        'code'=>50002,
                        'message'=>'登录失效',
                        'data'=>$data
                    ]);
                }else{
                    $request->logintoken = $token;
                    $can = $this->canRequest($request,$token);
                    if($can){
                        return $next($request);
                    }else{
                        return response()->json([
                            'code'=>50003,
                            'message'=>'无权操作'
                        ]);
                    }
                }
            }
        }catch (\Exception $e){
            return response()->json([
                'code'=>50001,
                'message'=>'登录出错'
            ]);
        }
    }

    //登录token生成方法
    protected function setToken($key,$expire=3600){
        $time = time();
        $data = ['key'=>$key,'expire'=>$time+$expire];
        $token = encrypt($data);
        return $token;
    }

    //判断有无该权限
    protected function canRequest($request,$token){
        $path = $request->path();
        if(in_array($path,$this->exceptPow)){ //判断是不是无需验证的权限
            return true;
        }
        $roleid = DB::table('admins')->where('token','=',$token)->value('roleid');
        if(!$roleid){ //超管
            return true;
        }else{
            if($roleid<0){ //无权限
                return  false;
            }else{
                $powers = DB::table('role_powers')->leftJoin('admin_powers','admin_powers.id','=','role_powers.pid')
                    ->leftJoin('admin_navs','admin_powers.navid','=','admin_navs.id')
                    ->leftJoin('admin_modules','admin_navs.moid','=','admin_modules.id')
                    ->select('admin_powers.path','admin_modules.modspace','pid','roleid')
                    ->where('role_powers.roleid','=',$roleid)->get();
                if($powers){
                    $return = false;
                    foreach ($powers as $p){
                        $tempath = 'admin/'.strtolower($p->modspace).'/'.$p->path;
                        if($tempath==$path){
                            $return = true;
                            break;
                        }
                    }
                    return $return;
                }else{
                    return false;
                }
            }
        }
    }
}
